Researchers Identify Critical Vulnerability in Apache Parquet
It Enables Execution of Arbitrary Code
A Patch is Now Available, Users Advised to Update
Apache Parquet, a widely used columnar storage file format, has been flagged for a critical vulnerability that could allow attackers to execute arbitrary code on affected systems.
This file format is designed for high-efficiency data storage and processing, making it a popular choice within big data and analytics sectors, with major companies like Amazon, Google, Microsoft, and Meta relying on it for their operations.
The vulnerability, discovered on April 1, 2025, by Amazon security researcher Key Li, is cataloged as CVE-2025-30065 and is rated with a maximum severity score of 10 out of 10, indicating a critical security flaw.
Patch and Mitigations
According to the brief on the National Vulnerability Database (NVD), “Schema parsing in the parquet-avro module of Apache Parquet versions 1.15.0 and earlier allows malicious users to execute arbitrary code.” Users are strongly advised to upgrade to version 1.15.1, which addresses this flaw.
The security issue stems from the deserialization of untrusted data, giving threat actors a way to gain control of a target system by supplying a specially crafted Parquet file.
However, because exploitation requires a victim to be tricked into importing a malicious file, the practical urgency may be lower than the critical score alone suggests.
For those unable to update their Apache Parquet installations to version 1.15.1 promptly, the advice is to avoid processing Parquet files from untrusted sources, or to inspect them thoroughly before doing so.
In addition, IT departments are encouraged to strengthen monitoring and logging of their Parquet processing environments in light of this vulnerability.
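Before deciding how urgently to patch, the first check is whether a build pulls in the affected module at all. The Python script below is an added example, not code from the article or from the Apache Parquet project: it audits a Maven pom.xml for org.apache.parquet:parquet-avro (the module's published Maven coordinates) at versions below 1.15.1, resolving version properties and flagging declarations it cannot resolve; the sample POM is constructed.

```python
"""Audit a Maven POM for parquet-avro versions in the CVE-2025-30065 range (1.15.0 and earlier)."""
import re
import xml.etree.ElementTree as ET

FIXED_VERSION = (1, 15, 1)  # first release with the fix, per the NVD entry quoted above
VULNERABLE_ARTIFACT = ("org.apache.parquet", "parquet-avro")  # the module's Maven coordinates

def parse_version(text):
    """Turn '1.15.0' or '1.15.0-SNAPSHOT' into a comparable tuple of ints."""
    m = re.match(r"(\d+)(?:\.(\d+))?(?:\.(\d+))?", text.strip())
    if not m:
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(int(n or 0) for n in m.groups())

def is_vulnerable(version):
    """True for every release before 1.15.1."""
    return parse_version(version) < FIXED_VERSION

def _local(tag):
    return tag.rsplit("}", 1)[-1]  # drop the Maven XML namespace prefix

def audit(pom_xml):
    """Return (vulnerable, unresolved): parquet-avro versions in the affected range, plus
    declarations whose version cannot be resolved from this POM alone (e.g. inherited from a parent)."""
    root = ET.fromstring(pom_xml)
    props = {_local(p.tag): (p.text or "").strip()
             for node in root.iter() if _local(node.tag) == "properties" for p in node}
    vulnerable, unresolved = [], []
    for dep in (d for d in root.iter() if _local(d.tag) == "dependency"):
        f = {_local(c.tag): (c.text or "").strip() for c in dep}
        if (f.get("groupId"), f.get("artifactId")) != VULNERABLE_ARTIFACT:
            continue
        # Resolve ${property} references against <properties>; unknown ones are left intact
        version = re.sub(r"\$\{([^}]+)\}", lambda m: props.get(m.group(1), m.group(0)), f.get("version", ""))
        if not version or "${" in version:
            unresolved.append(version or "<no version declared>")
        elif is_vulnerable(version):
            vulnerable.append(version)
    return vulnerable, unresolved

# Constructed sample POM: parquet-avro pinned via a property to the last vulnerable release
SAMPLE_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <properties><parquet.version>1.15.0</parquet.version></properties>
  <dependencies>
    <dependency><groupId>org.apache.parquet</groupId><artifactId>parquet-avro</artifactId>
                <version>${parquet.version}</version></dependency>
    <dependency><groupId>org.apache.avro</groupId><artifactId>avro</artifactId><version>1.11.4</version></dependency>
  </dependencies></project>"""
```

Run `audit()` over each pom.xml in a repository; anything in the unresolved list needs a look at the parent POM or BOM that supplies the version.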
As of now, there have been no reports of the vulnerability being exploited in the wild. However, past patterns show that cybercriminals often begin scanning for vulnerable systems soon after a patch is released, counting on some organizations being slow to apply security updates.
Continuing coverage can be found on BleepingComputer
Source
www.techradar.com